A quick thought about encrypting and signing. From
Schneier's _Applied Cryptography_, section 2.7, the way
to do this is to first sign the deliverable in the private
key of the distribution, and then encrypt the deliverable
*along with the signature* into a single file. So if the
package is P, and S() is an encrypted hash signature, what
you download is: Ed( P + S(P) ).

Ed(), the encryption, and S() the signature, are done
using the distro's private-key. Each of the clients either
has the public key already *or* they grab it via SSL. First
they decrypt the whole thing, then hash the Package, then
decrypt the signature and compare the two hashes. If the
two match, you now know: the Package is intact, the Package
is legitimate.

Pub/Priv Key schemes do *not* need a full-blown PGP;
that's a user-space application. Crypto packages like Oscar
support RSA, now that its US patents have expired. I'm sure
a pretty lean "RSA decrypt" app can be written for the client:
it doesn't ever need to encrypt or key-generate itself (the
bulk of PGP's code I would imagine).

IMO, this is all very doable and pretty straightforward.
The nasty bit comes in *managing* the distro-key I wave my hand
at above. :) Key-distribution, especially key revocation, are
terribly nasty problems. It's not perfect, but using SSL to grab
a signed certificate is certainly doable, of course.

cheers,
Scott

> Mark Seiden wrote:
>
> > yes, i was imagining a conventional "hash and sign" operation.
> > the entire contents of the tar.gz (including all files and
> > directories, as well as their permissions) would be hashed.
>
> The usual method is to create a *.sig file for the binary file (in this
> case, a *.lrp file).
>
> > the hash would be signed by the packager, using their
> > private key.(let's ignore for now exactly how, but any kind of
> > digital signature supporting public key will do, for my purpose.)
> >
> > on the client, the public key stored on the floppy would be used to
> > check the signature of the hash, which would determine its
> > authenticity. the hash of the contents would be recalculated, to
> > determine whether any content had been altered after signature.
>
> As I understand signatures, a signature not only verifies the sender but
> also the contents of the item that was signed. If you change the "item"
> (message, tar file, whatever) then the signature becomes invalid.
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
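
The client-side check discussed in this thread (recompute the package hash, recover the signed hash with the public key, compare), as an added example that is not part of the original messages or of any LEAF code. It covers only the hash-and-sign step, not the outer encryption layer. The PKCS#1 v1.5 encoding with SHA-256, the function names, and the toy key built from two Mersenne primes are assumptions chosen so the block runs with the Python standard library alone.

```python
import hashlib
import hmac

# Constructed toy key: both primes are Mersenne primes, so the modulus is
# trivially factorable. It exists only so the example runs offline.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # packager-side secret, never shipped

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode(package: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo || SHA-256."""
    t = SHA256_PREFIX + hashlib.sha256(package).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(package: bytes) -> bytes:
    """Packager side: private-key operation on the padded hash."""
    k = (N.bit_length() + 7) // 8
    m = int.from_bytes(encode(package, k), "big")
    return pow(m, D, N).to_bytes(k, "big")


def verify(package: bytes, sig: bytes, n: int = N, e: int = E) -> bool:
    """Client side: needs only (n, e), SHA-256 and one modular exponentiation."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    # Rebuild the expected block and compare every byte of it, rather than
    # parsing the recovered padding and trusting whatever follows.
    return hmac.compare_digest(recovered, encode(package, k))


if __name__ == "__main__":
    pkg = b"constructed sample package contents"  # stands in for a *.lrp file
    sig = sign(pkg)                                # stands in for the *.sig file
    print("intact package :", verify(pkg, sig))
    print("altered package:", verify(pkg + b"!", sig))
```

The client half is `encode` plus `verify`; `sign` and `D` appear only to produce a sample signature and would live on the packager's machine.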